I think I have a legitimate reason to ask the same question so hopefully there is an easy way to do this.
I'm writing a .NET application that uses GeoServer and relies on Windows Authentication. I need to use GeoServer's role-based security, but I can't ask the user to log in using a GeoServer account after they've just logged in with a Windows account.

My planned approach:

- Use IIS reverse proxy URL rewrites so that http://dot.net.application/geoserver routes me through to Tomcat, removing any cross-domain issues (because now my .NET application and GeoServer appear on the same domain)
- .NET landing page uses Windows Authentication to verify identity
- .NET requests a new session from GeoServer (this is the bit I'm currently interested in)
- Based on the Windows user's group, .NET logs in to GeoServer with a known username / password combination with appropriate permissions for that Windows User Group (by posting to j_spring_security_check)
- Once logged in, .NET passes the GeoServer JSESSIONID cookie back to the browser, so that the browser can hit http://.../geoserver as an authenticated GeoServer user (due to the proxy approach this is not a third-party cookie)

Providing authentication details in each request to GeoServer in an auth header isn't an option because I don't want to send the encoded user / pass combination out to the browser.

If this sounds overly complex and there is a better approach, I'd love to hear about it. If not, then currently I have to request http://.../geoserver/web before GeoServer provides a new JSESSIONID. I'd like an easier way of getting it if possible.

--
View this message in context: http://osgeo-org.1560.n6.nabble.com/Getting-JSESSIONID-whithout-authentication-tp3795976p4983783.html
Sent from the GeoServer - User mailing list archive at Nabble.com.
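The server-side login and cookie hand-off described in the message above, sketched as an added example that is not part of the original post or of GeoServer's own code. Assumptions: the login form fields are named `username` and `password`, a rejected login redirects to a URL containing `error`, the group names, account names and `GEOSERVER_PW_*` environment variables are hypothetical, and the IIS site is served over HTTPS (required for `Secure`).

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

public static class GeoServerSessionBroker
{
    // Constructed mapping: Windows group -> GeoServer service account (hypothetical names).
    static readonly Dictionary<string, string> AccountForGroup = new Dictionary<string, string>
    {
        { @"EXAMPLE\GIS-Editors", "svc_editor" },
        { @"EXAMPLE\GIS-Viewers", "svc_viewer" },
    };

    // geoserverBase must end with "/", e.g. http://tomcat-host:8080/geoserver/
    public static async Task<string> LoginAsync(Uri geoserverBase, string windowsGroup)
    {
        if (!AccountForGroup.TryGetValue(windowsGroup, out var user))
            throw new UnauthorizedAccessException("No GeoServer account mapped for " + windowsGroup);
        // The password stays on the server; it is never sent to the browser.
        var password = Environment.GetEnvironmentVariable("GEOSERVER_PW_" + user.ToUpperInvariant())
            ?? throw new InvalidOperationException("Missing password for " + user);

        var cookies = new CookieContainer();
        using var handler = new HttpClientHandler { CookieContainer = cookies, AllowAutoRedirect = false };
        using var client = new HttpClient(handler);
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            { "username", user }, { "password", password }
        });
        var loginUrl = new Uri(geoserverBase, "j_spring_security_check");
        using var response = await client.PostAsync(loginUrl, form);

        // Assumption: a rejected login redirects to a URL carrying an "error" parameter.
        var location = response.Headers.Location?.ToString() ?? "";
        if (response.StatusCode != HttpStatusCode.Found || location.Contains("error"))
            throw new UnauthorizedAccessException("GeoServer rejected the service account login");

        var session = cookies.GetCookies(loginUrl)["JSESSIONID"]
            ?? throw new InvalidOperationException("No JSESSIONID returned");
        return session.Value;
    }

    // Set-Cookie value for the browser: scoped to the proxied path and hidden from script.
    public static string BuildSetCookie(string sessionId) =>
        "JSESSIONID=" + sessionId + "; Path=/geoserver; HttpOnly; Secure";
}
```

Everyone in the same Windows group shares one GeoServer identity here, so per-user attribution has to come from the .NET application's own logs.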
